PHOENIX CONTACT WP 6xxx series web panels Operating System Command Injection Vulnerability
PHOENIX CONTACT WP 6xxx series web panels are a series of web panels from PHOENIX CONTACT, Germany. An operating system command injection vulnerability exists in PHOENIX CONTACT WP 6xxx series web panels prior to version 4.0.10, which originates in the web panels, where uploading credentials t...
Ruijie Networks BCR810W Operating System Command Injection Vulnerability
The Ruijie Networks BCR810W is an intelligent cloud router from Ruijie Networks China. An operating system command injection vulnerability exists in the Ruijie Networks BCR810W version 2.5.10. An attacker could exploit this vulnerability to conduct an OS command injection attack...
IBM Security Directory Suite Operating System Command Injection Vulnerability
IBM Security Directory Suite is a scalable, standards-based identity platform from International Business Machines (IBM) that simplifies identity and directory management. An operating system command injection vulnerability exists in IBM Security Directory Suite VA, which can be exploited by an...
CVE-2023-26210
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet allow a local authenticated attacker to execute arbitrary shell code as root user via crafted CLI requests...
"WPS Office" vulnerable to OS command injection
Overview: "WPS Office", which was provided by KINGSOFT JAPAN, INC., contains an OS command injection vulnerability (CWE-78). Impact: If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends specially crafted data, an arbitrary OS command may...
KbDevice digital video recorders Operating System Command Injection Vulnerability
The KbDevice KB-AHR04D is an AHD hybrid recorder from KbDevice. A security vulnerability exists in KbDevice digital video recorders. An attacker could exploit this vulnerability to perform an operating system command injection attack...
CVE-2023-25554
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...
pyMedusa Operating System Command Injection Vulnerability
pyMedusa is an open source automated video library manager for TV programs. An operating system command injection vulnerability exists in pyMedusa versions prior to 1.0.12. An attacker can exploit this vulnerability to update the git executable path in /config/general/advanced settings usi...
CVE-2023-24229
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Checkmk Operating System Command Injection Vulnerability
Checkmk is an editor. Tribe29 Checkmk has an operating system command injection vulnerability that an attacker can exploit to execute arbitrary commands with the local privileges of the application...
SUSE CVE-2022-43758
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for a user with the ability to add an untrusted Helm catalog or modify the URL configuration used to download KDM (only admin users by default). This issue...
ZOHO ManageEngine SupportCenter Plus Operating System Command Injection Vulnerability
ZOHO ManageEngine SupportCenter Plus is a Web-based customer support software from ZOHO, Inc. It is used to allow organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide an exceptional customer experience in the process. A...
is-http2 Operating System Command Injection Vulnerability
is-http2 is a simple module by the individual developer Stefan Judis for checking whether certain servers support HTTP/2. An operating system command injection vulnerability exists in is-http2, which stems from a lack of input cleanup or other checks and the use of sandboxing by the isH...
Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability
Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta. The Siretta QUARTZ-GOLD is vulnerable to an operating system command injection vulnerability, which can be exploited by attackers to cause the execution of arbitrary commands by sending specially crafted...
PT-2023-14127 · Siretta · Siretta Quartz-Gold
Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: Several OS command injection vulnerabilities exist in the m2m binary. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network...
Brave Operating System Command Injection Vulnerability
Brave is a fast, private and secure web browser from Brave USA. Brave UX for-the-badge suffers from an operating system command injection vulnerability that stems from several unknown functions in its .github/workflows/combine-prs.yml file that allows an attacker to implement system command...
p4 Operating System Command Injection Vulnerability
p4 is a small utility library for working with Perforce by the individual developer Nate Long. An operating system command injection vulnerability exists in versions prior to p4 0.0.7, which stems from incorrect input cleanup, and a command injection vulnerability via the run function...
CVE-2022-44606
OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
Multiple Sapido Products Operating System Command Injection Vulnerability
Sapido BR270n and others are wireless routers from Sapido. A security vulnerability exists in Sapido BR270n, BRC76n, GR297, RB1732. An attacker could exploit this vulnerability to perform OS command injection attacks...
Snyk CLI Operating System Command Injection Vulnerability
Snyk CLI is a build-time tool from Snyk USA for finding and fixing known vulnerabilities in your project. Snyk CLI before 1.1064.0, snyk-mvn-plugin before 2.31.3, snyk-gradle-plugin before 3.24.5, snyk-cocoapods-plugin before 2.5.3, snyk-sbt-plugin before 2.16.2, snyk-python-plugin befor...